Protect the Privacy of Your Medical Records

Every patient needs to be very knowledgeable about the privacy of their medical records and inquire what is being put into the records. With the latest revelations from the leaked documents slowly emerging from the surfeit of files taken by Edward Snowden, it is apparent that the very means of keeping electronic medical records secure are not really that secure. The National Security Agency (NSA) has quietly been succeeding at overcoming most encryption technology used to protect documents that are kept securely online, including banking, medical records, and encrypted email. Also, there has been reported success at overcoming the VPN (virtual private network) which all businesses with remote connectivity use, including hospitals. Ironically, we have laws in place to guarantee the privacy of medical records (HIPAA), to prevent non-approved individuals from accessing records or being given private information. But the same government which passed these laws has devised ways to break these very same laws secretly through the actions of the NSA.

This is a complete violation of trust and needs to be strongly opposed by citizens making their desires known to their representatives and senators. Physicians, clinics, and hospitals can be severely penalized financially for any inappropriate release of medical information. The government, which devised and passed these laws, should also submit itself to these laws, not flagrantly violate them and smugly act as if it doesn’t matter. True leaders in government are servants to the people, not lords over them. We are supposed to have a republic in America, not tyranny.

Recently a patient, who happened to be a veteran, visited my private clinic. What was alarming, was that the patient came to me because he was fearful of going to the Veterans Administration for healthcare because of the nature of the medical concern. This was not something that involved threats to the patient or anyone else, but concerned sensitive and embarrassing problems can happen to anyone. The confidentiality of the medical relationship and records has to be maintained or patients will not disclose the true nature of their problems. This results in harm to the patient and prevents the physician from truly helping the patient. The same hyper-regulated government system that causes our veterans to fear for their privacy, is being pushed upon all citizens now. The results are not going to be beneficial for the doctor-patient relationship and will harm patients if they cannot feel comfortable discussing whatever is on their minds without worrying about what is written into the medical record.

I would recommend that patients be very aware of how their medical records are stored and what safeguards are in place to protect them from snooping eyes. Even if the records are difficult to access from the internet, they still could be accessed by anyone with the knowledge to do so. Records should be encrypted as they are stored to help limit anyone being able to decipher them if the files were obtained. In an effort to ease costs and complexity, many hospitals and offices are moving to “cloud” networks in which medical records are stored on some remote computer that might not even be in the same state. It is best if your physician and hospital store your records only on site with an encrypted backup of the files in the possession of the physician or hospital designated person in case of disaster at the main site of storage. Given the knowledge now of methods to overcome current encryption technology, it will be necessary to devise newer, more secure ways of encrypting medical data so that your medical records can stay between you and your physician, like they should be.

David P. Smith MD is a family physician in private practice in Mississippi.

About David Smith MD

Comments

The comment about your VA patient is very telling. I have the same experience with Medicaid patients in the residency clinic. Patients are not open or honest. They view the doctor as an extension of the state, and not a personal physician with the confidentiality that should provide.